Adobe Flash support in BES

Author: wchen-r7

lib/msf/core/exploit/remote/browser_exploit_server.rb

@@ -42,20 +42,21 @@ module Exploit::Remote::BrowserExploitServer
 
     # Requirements a browser module can define in either BrowserRequirements or in targets
     REQUIREMENT_KEY_SET = {
-      :source       => 'source',      # Either 'script' or 'headers'
-      :ua_name      => 'ua_name',     # Example: MSIE
-      :ua_ver       => 'ua_ver',      # Example: 8.0, 9.0
-      :os_name      => 'os_name',     # Example: Microsoft Windows
-      :os_flavor    => 'os_flavor',   # Example: XP, 7
-      :language     => 'language',    # Example: en-us
-      :arch         => 'arch',        # Example: x86
-      :proxy        => 'proxy',       # 'true' or 'false'
-      :silverlight  => 'silverlight', # 'true' or 'false'
-      :office       => 'office',      # Example: "2007", "2010"
-      :java         => 'java',        # Example: 1.6, 1.6.0.0
-      :clsid        => 'clsid',       # ActiveX clsid. Also requires the :method key
-      :method       => 'method',      # ActiveX method. Also requires the :clsid key
-      :mshtml_build => 'mshtml_build'  # mshtml build. Example: "65535"
+      :source       => 'source',       # Either 'script' or 'headers'
+      :ua_name      => 'ua_name',      # Example: MSIE
+      :ua_ver       => 'ua_ver',       # Example: 8.0, 9.0
+      :os_name      => 'os_name',      # Example: Microsoft Windows
+      :os_flavor    => 'os_flavor',    # Example: XP, 7
+      :language     => 'language',     # Example: en-us
+      :arch         => 'arch',         # Example: x86
+      :proxy        => 'proxy',        # 'true' or 'false'
+      :silverlight  => 'silverlight',  # 'true' or 'false'
+      :office       => 'office',       # Example: "2007", "2010"
+      :java         => 'java',         # Example: 1.6, 1.6.0.0
+      :clsid        => 'clsid',        # ActiveX clsid. Also requires the :method key
+      :method       => 'method',       # ActiveX method. Also requires the :clsid key
+      :mshtml_build => 'mshtml_build', # mshtml build. Example: "65535"
+      :flash        => 'flash'         # Example: "12.0" (chrome/ff) or "12.0.0.111" (IE)
     }
 
     def initialize(info={})
@@ -222,9 +223,12 @@ def get_bad_requirements(profile)
     # For more info about what the actual value might be for each key, see HttpServer.
     #
     # If the source is 'script', the profile might have even more information about plugins:
-    # 'office'  : The version of Microsoft Office (IE only)
-    # 'activex' : Whether a specific method is available from an ActiveX control (IE only)
-    # 'java'    : The Java version
+    # 'office'       : The version of Microsoft Office (IE only)
+    # 'activex'      : Whether a specific method is available from an ActiveX control (IE only)
+    # 'java'         : The Java version
+    # 'mshtml_build' : The MSHTML build version
+    # 'flash'        : The Flash version
+    # 'silverlight'  : The Silverlight version
     #
     # @param tag [String] Either a cookie or IP + User-Agent
     # @return [Hash] The profile found. If not found, returns nil
@@ -375,7 +379,8 @@ def get_detection_html(user_agent)
           "<%=REQUIREMENT_KEY_SET[:ua_ver]%>"      : osInfo.ua_version,
           "<%=REQUIREMENT_KEY_SET[:arch]%>"        : osInfo.arch,
           "<%=REQUIREMENT_KEY_SET[:java]%>"        : window.misc_addons_detect.getJavaVersion(),
-          "<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight()
+          "<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight(),
+          "<%=REQUIREMENT_KEY_SET[:flash]%>"       : window.misc_addons_detect.getFlashVersion()
         };
 
         <% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>